diff options
Diffstat (limited to 'readme.md')
| -rw-r--r-- | readme.md | 22 |
1 files changed, 22 insertions, 0 deletions
@@ -267,6 +267,28 @@ themselves; in that case the request is passed on. before the frame that exceeds this limit. Therefore the body is up to one frame size smaller than allowed. +- **module `ratelimit`** + - Limits the rate at which requests can be processed. For this every identity + (see below) has a request counter. The counter is reset after a fixed time + delay. + - `reference_duration`: Duration in seconds after which request the counter + are reset. + - `identity`: Requests are counted per identity. Default is source address. + - `!global`: Use a central counter + - `!source_address`: Count per source ip address + - `!source_address_trunc`: Same but truncate them before. Requires keys `v4` + and `v6` which control how many trailing bits are discarded respectively. + - `!path`: Count per path (excluding query) + - `!path_query`: Count per path (including query) + - `max_identities`: Always rejects requests if there are already more than + this many identites tracked. + - `thresholds`: A list of `[threshold, mode]` pairs that are checked and + conditionally executed in order. + - `!too_many_requests`: Responds with a empty request with 429 status code + and `Retry-After` header set. Later thresholds are not checked. + - `!exec <path>`: Invokes a script like CGI would but expects no output. + - `next`: Inner handler. (module) + - **module `debug`** - Replies with information about the request to debug. Includes source address, HTTP version, method, URI and headers. |